Wordpress being able to force push code updates looks a lot like a botnet to me. And I'm not talking about compromised instances. What could go wrong?

>In symmetric cryptography, the padding oracle attack can be applied to the CBC mode of operation, where the "oracle" (usually a server) leaks data about whether the padding of an encrypted message is correct or not. Such data can allow attackers to decrypt (and sometimes encrypt) messages through the oracle using the oracle's key, without knowing the encryption key. It's a pretty genius way to break cipher-block-chained encryption!

Ars reporting about this: [New ultra-stealthy Linux backdoor "Symbiote" isn’t your everyday malware discovery](https://lemmy.ml/post/309601)

> In the May update Bitwarden brings integration with three popular email forwarding services: SimpleLogin, AnonAddy, and Firefox Relay. These services focus on bringing privacy, and with it, security, to users’ online accounts. The combination of using email aliases they service alongside a password manager adds multiple layers of protection online. With these new Bitwarden integrations, users now have a convenient way to generate both anonymous email addresses and secure passwords for ultimate security.

> ⚡️CSIRT Italian, Excellent specialists work in this organization. I have carried out thousands of attacks on such organizations, even cyberpol does not have such a system to filter millions of requests. At the moment I see that these guys are good professionals! False Italian government, I advise you to increase the salary of several thousand dollars to this team. CSIRT Accept my respects gentlemen!🕺